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BACKGROUND 

This invention relates to the fields of computer systems and 
communications. More particularly, a system and methods are provided for 
facilitating the exchange of value among distributed users through computing 
devices. 

1 5 Existing methods of transferring or exchanging values among multiple 

persons have many shortcomings. For example, the use of cash requires regular 
replenishment, creates the need to make change, allows the possibility of theft or 
loss and has no built-in or easy method of keeping records concerning cash 
payments and receipts. Similarly, checks can be forged, they often provide only 

20 rudimentary record keeping (e.g., check stubs) and allow one to unwittingly 
overdraw a checking account. Credit cards may mitigate some of the problems 
' with cash and checks, but cannot be used for making payments or exchanging value 
between two or more individuals. 

In addition, the formalities of existing value exchange transactions can 

25 make them inefficient or difficult to complete. For example, transferring money to 
another person's bank or other financial account may require one to know the 
person's account number. That person may understandably be reluctant to divulge 
such information. 
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Thus, what is needed is a system and method for enabling value transfers 
without all the shortcomings of existing means and techniques. It would be 
desirable, for example, to allow a value exchange transaction to be conducted using 
a known or common identifier of a person (e.g., electronic mail address, telephone 
5 number) rather than other, more sensitive, information. 



In one embodiment of the invention a system and methods are provided for 
conducting a value exchange between two or more persons using a distributed value 

10 exchange system. 

In this embodiment the system may comprise one or more system servers 
configured to register a person or other entity (e.g., a business) as a system user and 
allow him or her to conduct value exchange transactions with persons who may or 
may not also be registered users. A user then employs a client computing device 

15 (e.g., a handheld, palmtop or desktop computer, a web-enabled telephone, a two- 
way pager) to initiate or conduct a value transfer. The value exchange may be 
conducted while online with (e.g., connected to) the system, while offline, while 
connected (e.g., via wireless connection) to another user's device, etc. When the 
transaction is submitted to the system, it notifies transaction parties that are as-yet 

20 unaware of the transaction and attempts to clear or finalize the transaction and 
adjust the users' account balances appropriately. 

A communication server may be configured to receive connections (e.g., 
wired and/or wireless) from persons wishing to become registered users. A 
synchronization server may be configured to facilitate the synchronization of user's 

25 client devices with the system. During synchronization, users' devices may submit 
transactions to the system, receive information on new or cleared transactions, 
synchronize account information on the system with the information on the client 
device, etc. A security server may be configured to enforce security procedures, 
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possibly using asymmetric and/or symmetric cryptographic techniques. A financial 
server interacts with other system servers and external financial institutions to 
enable a user to inject value into the system and withdraw value from the system. 
One or more databases may store account information for users (e.g., account 
5 information, transaction details) and help coordinate system activity. 

In one method of conducting a value exchange a person registers with the 
system, an account is created for him and system software is downloaded to his 
client device. The user may then conduct transactions on his client whether he is 
connected to the system or not. When not connected, the client stores transaction 

10 details and, when later connected to the system for synchronization purposes, 
uploads his transactions to the system and may receive transactions initiated by 
other users. Each transaction may include an identifier of another party to the 
transaction and the value to be exchanged. In one embodiment of the invention 
transaction parties may be identified by identifiers that have meaning outside the 

15 system, such as electronic mail addresses, telephone number, social security 

numbers, etc. Thus, the user may initiate a transaction with a person who is not a 
registered user as long as he knows an appropriate identifier of the person. 

When the system receives a new transaction initiated by a user it attempts to 
contact the other party or parties using the identifier(s) provided by the initiating 

20 user. If another party is a registered user, the system may also know other methods 
of contacting the party. For a party who is not already a user, he or she is invited to 
connect to the system, register and complete the transaction. 

Virtually any means of value transfer may be associated with the system. 
Users may introduce value into their system accounts via credit card, check, cash, 

25 electronic funds transfer, direct deposit, etc. Value may be withdrawn from the 
system using the same or similar processes. The value that is exchanged between 
transaction parties may be monetary (e.g., represented by United States dollars or 
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other currency) or have some other form, such as credits, affinity points, frequent 
flier miles, vouchers, barter points, etc. 

DESCRIPTION OF THE FIGURES 

5 FIG. 1 is a block diagram depicting a system for conducting value exchange 

transactions in accordance with an embodiment of the present invention. 

FIG. 2 is a flowchart illustrating one method of conducting a value 
exchange transaction in accordance with an embodiment of the invention. 

FIG. 3 depicts one form of an indirect value exchange transaction from a 
1 0 first user to a second user performed on the first user's mobile client device in 
accordance with an embodiment of the invention. 

FIG. 4 depicts one form of a direct value exchange from a first user to a 
second user conducted with the user's mobile client devices in accordance with an 
embodiment of the invention. 

15 

DETAILED DESCRIPTION 

The following description is presented to enable any person skilled in the art 
to make and use the invention, and is provided in the context of particular 
applications of the invention and their requirements. Various modifications to the 

20 disclosed embodiments will be readily apparent to those skilled in the art and the 
general principles defined herein may be applied to other embodiments and appli- 
cations without departing from the spirit and scope of the present invention. Thus, 
the present invention is not intended to be limited to the embodiments shown, but is 
to be accorded the widest scope consistent with the principles and features 

25 disclosed herein. 

The program environment in which a present embodiment of the invention 
is executed illustratively incorporates a general-purpose computer or a special 
purpose device such as a hand-held computer. Details of such devices (e.g., 
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processor, memory, data storage, display, wired/wireless communication capability) 
are omitted for the sake of clarity. 

It should also be understood that the techniques of the present invention 
might be implemented using a variety of technologies. For example, the methods 
5 described herein may be implemented in software executing on a computer system, 
or implemented in hardware utilizing either a combination of microprocessors or 
other specially designed application specific integrated circuits, programmable 
logic devices, or various combinations thereof. In particular, the methods described 
herein may be implemented by a series of computer-executable instructions residing 
10 on a storage medium such as a carrier wave, disk drive, or computer-readable 
medium. Exemplary forms of carrier waves may take the form of electrical, 
electromagnetic or optical signals conveying digital data streams along a local 
network or a publicly accessible network such as the Internet. 

15 Introduction 

In one embodiment of the invention a system and method are provided for 
facilitating an exchange of value between two or more persons using client 
computing devices. Values that are exchanged may be monetary in nature (using 
any currency) or may take other forms, such as credits, debits, discounts, vouchers, 

20 certificates, mileage (e.g., frequent flier miles), etc. The computing devices used to 
conduct an exchange transaction may or may not be portable in nature, and may 
employ virtually any communication media, including both wired and wireless. In 
one implementation of this embodiment, at least one user employs a portable 
computing device such as a handheld or palmtop computer, a smart telephone, a 

25 two-way pager, etc. A computing device suitable for this embodiment may always 
be linked to or in communication with another device (e.g., a system server), such 
as a networked personal computer, or may be disconnectable, such as a hand-held 
personal digital assistant (PDA). Thus, a value exchange transaction may be 
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conducted offline or online, while connected or disconnected from other system 
components. 

A system according to this embodiment of the invention includes at least 
one highly accessible computer server configured to facilitate value exchanges. 
5 Illustratively, a user who wishes to initiate a value exchange or value transfer with 
another party is registered with the server beforehand (e.g., an account is 
established for the user on the server). The other party may or may not be a 
registered user at the time the transaction is initiated or communicated to the 
system. 

10 In one method of conducting a value exchange according to this 

embodiment of the invention an entity involved in the exchange may be known by 
an identifier that has meaning or use outside of the system, such as an electronic 
mail address, a telephone number, a social security number, etc. Illustratively, each 
such identifier is only associated with one person or entity, thus promoting 

15 accountability. In an alternative method, however, multiple users or accounts may 
be associated with an identifier. 

In one implementation of a method of conducting a value exchange a 
registered user of the system initiates an exchange with an unregistered party by 
identifying that party to the system server by his or her electronic mail address. The 

20 registered user may provide various details of the value exchange, such as the form 
of the value (e.g., a monetary amount, a number of credits or affinity points), a date 
on which to effect the transfer, the unregistered party's name, etc. The system may 
then attempt to contact the unregistered party (e.g., via the provided electronic mail 
address), notify him or her of the value exchange, identify the initiating user and 

25 invite the unregistered party to connect to the server and close the exchange. The 
unregistered party may be required to register with the system in order to close the 
transaction. For example, if the value exchange is to the benefit of the unregistered 
user, he or she may wish to leave the value in the system in order to use it to 
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conduct an exchange with yet another party. Alternatively, the unregistered party 
may be permitted to provide just enough information (e.g., credit card number, 
address) to allow the system to close the transaction, without being registered. 
In different embodiments of the invention the value exchange may be 
5 initiated by the person who owes or is owed the value to be exchanged. Further, the 
value that is exchanged may be of virtually any form and/or may be transformed in 
nature. For example, a monetary amount or a credit or voucher held by a first user 
and accepted by a second user may be transferred from the first user to the second 
user in exchange for goods or services. Or, the value may change from one 

1 0 currency to another or from being monetary in nature to being represented by 

credits with a merchant, frequent flier miles, or some other value. Thus, a user may 
pay for goods or services with value in many different forms, including currency or 
points that are used only within the system (e.g., for transactions between users). 
The system may also be configured to allow users to perform normal 

15 banking operations (e.g., withdrawals, deposits, transfers), stock transactions, 

electronic ticketing, etc. In another embodiment of the invention a third party may 
be involved to hold the value in escrow until a transaction is closed. 

Value may be introduced into the system (and credited to a user's account) 
via cash, check, debit, or virtually any other method that is presently used or that 

20 becomes accepted in the business community. Value may exit the system in these 
and similar forms. 

In alternative embodiments of the invention a distributed system described 
herein may be used for forms of communication other than value exchanges. For 
example, in one alternative embodiment the system may be used to spread or 
25 disperse software among multiple users. Illustratively, a registered system user 
could then provide an unregistered person with the system software and thereby 
allow them to conduct a transaction. Advantageously, the software could be 
transmitted between users' client devices using wired or wireless communications. 
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One Embodiment of a System for Facilitating a Value Transfer 

FIG. 1 depicts an illustrative system for facilitating value transfers 
according to one embodiment of the invention. Alternative embodiments of the 
5 invention may incorporate any subset of the components of the illustrated system. 

The system of FIG. 1 includes central database 102, which is configured to 
store various information used to facilitate value exchange transactions. 
Illustratively, the information stored in database 102 includes accounts for 
registered users of the system as well as various information pertaining to 
10 unregistered users participating in or invited to participate in a transaction. User 
information for registered and/or unregistered users may include user identifiers 
(e.g., name, electronic mail address, telephone number, network address, physical 
address), transaction records, account balances in one or more different forms (e.g., 
money, frequent flier miles, store credits, affinity points, vouchers, coupons, 
15 discounts), preferred communication methods (e.g., electronic mail, wireless voice), 
security data, etc. 

In the system of FIG. 1, database 102 is accessed by communication server 
104, synchronization server 106, financial server 108 and possibly security server 
1 10. In this embodiment, communication server 104 and/or other system servers 

20 are configured to interact with one or more users through communication network 
120. For example, communication server 104 may be or may include a web server, 
telephone switch, DSLAM (Digital Subscriber Line Access Multiplexer), etc. 

A network presence, such as a web site on the Internet, that is hosted by 
communication server 104 may serve as a primary access point to the system for 

25 new and, possibly, existing users. Illustratively, users are given account names and 
passwords with which to access the system after being registered. Other forms of 
security (e.g., digital certificates, biometric devices) may be employed in other 
embodiments of the invention. 
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In one embodiment of the invention a user may download software for his 
or her computing device from communication server 104. In particular, 
communication server 104 may allow a person to register with the system, access 
and/or modify account information, conduct and clear transactions, etc. A user may 
5 be required, however, to register with the system before being able to initiate or 
close a transaction. 

Synchronization server 106 in the illustrated embodiment is configured to 
synchronize information stored on the system with users' client computing devices 
and locally stored data. Illustratively, a user may connect to the synchronization 

10 server to upload and/or download details of transactions (e.g., value exchanges) that 
involve the user. During a synchronization session, a user's client may receive 
updated account information (e.g., reflecting cleared transactions), may authorize 
the system to charge additional funds to the user (e.g., by charging a credit card or 
transferring funds from a bank account), access customer service, query the status 

15 of a transaction, initiate a new transaction, etc. 

Financial server 108 is configured to interface with one or more financial 
institutions, which may, in one embodiment of the invention, be external to the 
system. Thus, the financial server may interact with credit card companies, banks 
(including traditional and online banks) and other entities that handle or process 

20 value in suitable forms; in particular, the financial server may be configured to 

transfer funds through the ACH (Automated Clearing House). Financial server 108 
may be configured to automatically generate a charge or credit to a user's account 
with an external financial institution when the user's system account balance falls 
below or rises above a predetermined threshold. Further, the external value that the 

25 system can access for a user through financial server 108 may affect the number of 
transactions that the user can conduct or the amount of value in a transaction. 

Security server 1 10 may cooperate with one or more of database 102, 
communication server 104, synchronization server 106 and financial server 108 to 
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apply, ensure or enforce security for value exchanges and actions related to value 
exchanges. In one embodiment of the invention digital signatures may play a large 
part of the security scheme. DSA (Digital Signature Algorithm), a variant thereof 
(e.g., ECDSA or Elliptical Curve DSA), RSA or other digital signature protocol 
5 may be used. Symmetric cryptographic schemes such as DES (Digital Encryption 
Standard) may also be applied in the same or different embodiments. Message 
authentication codes may be used to verify the integrity and authenticity of 
messages exchanged between the system and a user. 

In a present embodiment of the invention public key encryption techniques 
10 may be used with digital certificates to create cryptographically verifiable 

transactions and prevent their repudiation. Symmetric encryption schemes may be 
employed for secure storage of data (e.g., on users' client devices and/or on the 
system). 

Illustratively the organization operating the value exchange system may act 
15 as a Certificate Authority and certify individual users, while certified users may, in 
turn, certify individual transactions. Certified users may be issued identity 
certificates for use in value exchange transactions. 

An identity certificate may include information such as the user's name, 
electronic mail address (or other meaningful identifier that identifies the user, such 
20 as a telephone number or social security number), account number or name, etc. 
Illustratively, an identity certificate also includes a public key of the user, which 
may be used to verify the authenticity of transactions conducted by the user. 

Individual users generate transaction certificates for transactions they 
conduct or initiate and the system authenticates them with the users' public keys 
25 (e.g., during synchronization). A transaction certificate may include the value being 
exchanged, an identifier of another party to the transaction, other details (if 
necessary or desired), and may be signed with the user's private key. In one 
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embodiment, a user's client computing device generates the public/key pair during 
user registration, and the private key is retained only on the client device. 

The illustrated system may communicate with users through various types 
of communication media. Communication network 120 may thus comprise a 
5 traditional wired network (e.g., the Internet) and/or a wireless network usable by 
portable devices such as portable computers (e.g., palmtop or handheld), smart 
(e.g., web-enabled) telephones, two-way pagers, etc. Therefore, users may interact 
with the system by operating devices such as client computer 122a, portable client 
computer or digital assistant 122b, wireless telephone 122c and/or other devices 

10 capable of communicating with communication server 104 and/or synchronization 
server 106. Illustratively, portable client computer 122b may be configured to 
conduct value exchanges with, or communicate them to, the system independently 
and autonomously. Or, in an alternative embodiment, portable client computer 
122b may be operated to record details of an exchange in a disconnected mode and 

1 5 then, when connected (e.g., docked) with another computing device (e.g., computer 
122a) to forward those details to the system in order to finalize the exchange, 
and/or synchronize with the system. 

A portable client device employed by a user to participate in a value 
exchange transaction may incorporate a series of instructions for interacting with 

20 the system. For example, in one embodiment of the invention a user's client device 
includes a wallet application that allows the user to access his or her account 
balance(s) while connected to the system and/or while disconnected from the 
system. Illustratively, in this embodiment of the invention a user's device 
periodically connects to synchronization server 106. During such a connection the 

25 user's device communicates with the server to send and receive new transaction 
information (e.g., details of new value exchanges involving the user) and/or receive 
updated account information (e.g., to reflect closed transactions). The user may 
also authorize or perform other activities involving his or her account, such as 
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transfer value to or from a system or institution external to the value exchange 
system. 

One Method of Conducting a Value Exchange 

5 In one embodiment of the invention a value exchange transaction may be 

conducted by a single user (e.g., with his client device), while connected to or 
disconnected from a system server (e.g., communication server 104, 
synchronization server 106 of FIG. 1) or another party's client. In particular, in one 
embodiment of the invention a user initiates a transaction by submitting it to the 

1 0 system, which then takes action to close the transaction by notifying another 
participant, and possibly registering the other participant with the system. In an 
alternative embodiment, however, a transaction may be conducted in a direct 
communication between two (or more) parties, after which details of the transaction 
are submitted to one of the system servers. In this alternative embodiment, at least 

1 5 one of the parties (e.g., from whom value is being transferred) may be required to 
be registered with the system. 

Illustratively, a transaction cannot be closed or finalized until the system 
learns of the transaction from one of the involved parties, identifies the other 
participant(s) and determines how to transfer the value. Closure of a transaction 

20 may include the actual transfer of value from one party (e.g., in a first account 
and/or form) to a second party (e.g., to another account and/or form). Parties to a 
transaction may need to be registered with the system and/or provide certain 
information (e.g., to identify a party, verify a party's identity, determining how to 
transfer value to or from the party) before the transaction can be closed. 

25 In this section, one or more methods are described for using a value 

exchange system such as that depicted in FIG. 1 to effect a value exchange between 
two or more parties. The methods and operations described here may be altered or 
modified for different types of computing devices that a party may employ and/or 
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different system or transaction configurations without exceeding the scope of the 
invention. 

In one embodiment of the invention the system of FIG. 1 may be envisioned 
as a system for facilitating or conducting a financial transaction involving two or 
5 more persons. Illustratively, at least one person in the transaction is already 

registered (e.g., has an account) with the system so that at least one form or conduit 
for transferring value exists. Advantageously, however, a registered user may 
initiate a transaction with an unregistered party, who may be identified to the 
system with an existing identifier such as an electronic mail address, telephone 
10 number, IP (Internet Protocol) address, etc. Thus, in this embodiment identifiers 
associated with unregistered users (and/or registered users) may already have 
significance or use outside of the system and there may thus be some degree of 
assurance that they can be reached through or with those identifiers. 



15 conduct value exchanges and other transactions using portable, semi-portable and 
other computing devices. In particular, the system enables a user to conduct a 
secure transaction from his or her client device directly (e.g., to another user or 
person having a compatibly equipped device) or indirectly (e.g., by describing or 
submitting the transaction to a system server, which may then notify another 

20 transaction party). 

Illustratively, in a direct transfer the parties may exchange cryptographic 
tokens in order to prevent later repudiation and authenticate the transaction to the 
system, and, once the system is informed of the transaction by at least one party, the 
transaction can be closed. In an indirect transfer the system may contact another 

25 party (e.g., by electronic mail or telephone) on behalf of an initiating user and, if the 
party is not already registered, invite that party to register with the system in order 
to receive and/or conduct their own transfers or exchanges. In one embodiment of 
the invention the invited party may, of course, be able to satisfy his or her part of 



Once known to (e.g., registered with) the system, however, a user may 
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the transaction (e.g., receive or pay money or other value) without registering with 
the system. For example, he may send payment to or receive payment from the 
system in a traditional form (e.g., check, credit card, debit card). 

With reference now to FIG. 2, an illustrative method of conducting an 
5 indirect value exchange transaction according to one embodiment of the invention 
is presented. The illustrated method is suitable for use with the system depicted in 



In state 200, a first user (USER1) registers with the system, one method of 
which is described in a following section. Illustratively, as part of the registration 

10 process USER1 provides his or her name and residence/postal address, a 

meaningful identifier (e.g., electronic mail address, telephone number, social 
security number) and pertinent financial information. Financial data provided by 
USER1 may include a credit card or bank account to be credited or charged for 
individual transactions and/or when the value of a transaction exceeds a 

1 5 predetermined limit. In particular, users may be assigned limits on how much value 
they can transfer through the system, based on the financial data regarding them, the 
degree to which their personal information (e.g., address) can be verified, etc. The 
limit may affect the size or number of uncleared transactions that a user may be 
involved in at a given time. 

20 A registered user may be assigned an account number or other identifier 

within the system. As mentioned above, however, a party may be included in a 
transaction by specifying an externally meaningful identifier (e.g., electronic mail 
address, telephone number) associated with the party. USER1 may register with the 
system, and conduct transactions, using virtually any form of client device (e.g., 

25 handheld or palmtop computer, desktop, web-enable telephone) having the ability 
to communicate with another computing device (e.g., a system server). 

In the presently described embodiment of the invention a digital certificate 
is generated for or provided by USER1 as part of the registration process. 



FIG. 1. 
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Illustratively, a certificate generated for USER1 includes USER1 's name and 
electronic mail address (or other meaningful identifier) and a public key signed by 
the system, all of which are encrypted by a code (e.g., a Personal Identification 
Number or PIN) previously assigned to or chosen by USER1 . In one method of 
5 registering a user described in a later section, a public/private pair of cryptographic 
keys is generated (e.g., by the user's client or security server 110) and the private 
key is retained only by the client or other computer system operated by the user. 

In state 202 USER1 enters a transaction in his client using software 
provided by the system. Illustratively, USER1 simply enters the electronic mail 

10 address, telephone number or other identifier of a party (e.g., USER2) with whom 
he wishes to exchange value, plus the value to be transferred. In this embodiment, 
the value may flow in either direction (i.e., from or to USER1). The amount of 
value that USER1 may transfer (if the value is to flow to USER2) may be limited to 
his system account balance (e.g., which may be stored on his client and updated 

1 5 when the client synchronizes with the system). This amount may be decreased by 
any other transfers (to other users) that have been requested or initiated but not yet 
cleared. If, however, USER1 has provided other payment arrangements (e.g., 
through a credit card, electronic funds transfer), then he may be able to exceed his 
account balance. 

20 USER1 may be required to enter a security code (e.g., Personal 

Identification Number or password) to activate the client system software before 
entering a transaction. Illustratively, if an incorrect code is entered a predetermined 
number of times (e.g., ten), the ability to enter transactions may be disabled and 
USER1 may be required to contact or synchronize with the system (as described 

25 below) in order to re-enable the client software. 

The software may maintain a list of all parties with whom USER1 has 
previously conducted a value exchange transaction, in which case he may just select 
USER2's identifier if she is included in the list. The client system software 
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employed by USER1 may offer multiple transaction options. For example, USER1 
may be able to initiate a unilateral transfer to (or from) USER2. USER1 may also 
be able to initiate a bilateral transaction if his client and USER2's client are capable 
of direct (e.g., wireless) communication. Yet further, USER1 may be able to 
5 transmit the client system software to USER2's client device. In this case, 
however, USER2 may not be able to transfer value to another party until she 
registers with the system (and opens an account). 

At some time after entering the transaction in his client, in state 204 USER1 
synchronizes with synchronization server 106. In particular, USER1 initiates 

10 whatever commands or actions are necessary to connect his client with the 

synchronization server. The client may be able to connect directly, perhaps through 
a wireless connection, or through any number of intermediate devices or media 
(e.g., the Internet). In particular, if USERl's client is a portable device, he may be 
required to dock it or otherwise connect it to another computer system in order to 

15 initiate a connection to synchronization server 106. 

Synchronization may be required on a regular basis (e.g., at least once every 
thirty days). If this requirement is not satisfied, the client software may 
automatically prevent USER1 from making payments or initiating transactions. In 
addition, transactions made on USER1 's client may be automatically canceled or 

20 nullified if he does not synchronize within a certain period of time (e.g., thirty days) 
after entering the transaction in the client. 

In a typical synchronization process according to one embodiment of the 
invention, USERl's client connects to synchronization server 106 and identifies 
USER1 by his system account number (and/or electronic mail address, telephone 

25 number or other meaningful identifier). The server locates a user record for USER1 
(e.g., in database 102) and retrieves a code (e.g., a PIN) assigned to or associated 
with the user. A digital certificate associated with USER1 , and which is to be 
transmitted to USER1 during synchronization, is then encrypted with this code; this 



16 



Attorney Docket No. X00-001 



Inventors: Levchin, et al 



DEVC:\MY DOCUMENTS\X.COMW00-001VX00-00I APPLICATION. DOC 



digital certificate may be the certificate that was generated when USER1 was 
registered. Illustratively, however, the digital certificate may be augmented with 
one or more transaction certificates for transactions involving USER1 that have 
been reported to the system by other users. The digital certificate may also be used 
5 to pass a new code (e.g., PIN) to USER1 . 

If there is no digital certificate stored on the system for USER1, the 
synchronization server requests USER1 's password and electronic mail address (or 
other identifier). If this information is verified, a new key pair may be generated 
and a new digital certificate issued. 

10 After the initial synchronization connection is established, the client sends 

the present transaction (and any others it has stored and not already sent) to the 
server. The transactions may be sent using digital transaction certificates, as 
described above. The client is informed if any previous transactions of USER1 
have cleared (e.g., another party in a previous transaction may have connected to 

15 the system and accepted the transaction), in which case they may be removed from 
the client. The server may then prioritize uncleared transactions according to some 
criteria (e.g., date, time, other party(ies), transaction value, direction of value 
transfer). 



20 which to record transactions conducted by and/or involving the user. An entry is 
then made in the log when the user initiates a transaction. An entry may also be 
made in the log for each transaction (e.g., initiated by another party) that the client 
learns of from a system server (e.g., during synchronization). Entries may be 
removed or archived after their associated transactions clear. 

25 In one method of the invention account balances are altered during the 

synchronization process. In particular, USER1 's account is debited for all values 
being transferred away from USER1 . Conversely, however, USER1 's account may 
not be credited for incoming value transfers initiated by USER1 until the other 



A user's client (and/or a system server) may maintain a transaction log in 
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parties to such transfers synchronize or otherwise acknowledge or approve them 
(e.g., until the transactions clear). If USERl's system account has an insufficient 
balance to make a transfer (e.g., to USER2), his credit card or other value stream 
may be tapped (e.g., by financial server 108) to cover them. 



the transaction is communicated to the system along with any other transactions not 
yet submitted. In exchange, the synchronization server may inform the client of any 
closed transactions and download transactions that involve USER1 that were 
initiated by other parties. Therefore, the synchronization process of state 204 may 

10 involve updating USER1 's client and the system with various transactions to which 
USER1 is a party. Account balances on a system server and/or the client may be 
altered accordingly during the synchronization process or afterwards. 

In state 206 a system server (e.g., synchronization server 106) receives the 
details of the USER1/USER2 transaction (e.g., including an identifier of USER2 

15 and the value to be transferred). If the value exchange is from USER1 to USER2, 
USER1 5 s account may be automatically debited by the amount of the transfer; this 
may require a charge to a credit card or bank account associated with USER1 . In 
the illustrated embodiment, however, account updates may be postponed until a 
later stage of the procedure. 

20 In state 208 the system attempts to inform USER2 of the transaction. In this 

embodiment the system uses the identifier submitted by USER1 (e.g., by generating 
an automated electronic mail message or voice message). If, however, USER2 is a 
registered system user, her account may be examined to determine if she has a 
different, preferred, method of receiving transaction communications. If USER2 is 

25 not a registered user, the automated message includes details concerning what she 
should do to receive the value. For example, a system web site hosted by 
communication server 104 may be identified and USER2 invited to connect to the 
site and register. 



5 



Thus, in state 204, once USER1 has connected to the synchronization server 
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In state 210, which may occur simultaneously with state 208, the system 
determines whether USER2 is a registered user. If so, then she need not register 
and the procedure continues at state 214. 

In state 212, however, USER2 is unregistered at the time of the transaction 
5 with USER1 and therefore may be required to register before the transaction can be 
closed, particularly if the value is to be transferred from USER2 to USER1. By 
registering with the system, USER2 may receive or submit the transaction value 
using virtually any normal means for conveying value (e.g., credit card, check, debit 
card, electronic funds transfer). However, in one alternative embodiment of the 
10 invention USER2 may not be required to register. In particular, in this alternative 
embodiment she may be able to make a one-time payment to or withdrawal from 
the system (e.g., with a credit card or check). 

In state 214 USER2 accepts or acknowledges the transaction. Acceptance 
may be implied if she was an unregistered party and registers in response to the 
15 invitation from the system. State 214 may only be required for transactions in 

which the value is to be transferred from USER2 to USER1 . In other words, when 
a first user initiates a transaction to transfer value to another user, the other user's 
acknowledgement may not be needed. However, if a first user initiates a 
transaction to receive value from another user, it may be necessary to receive 
20 approval from the other user before closing the transaction. 

In state 216 the transaction is closed by altering system account balances for 
USER1 and USER2 according to the value of the transaction. In addition, the user 
that is providing value to the other party may need to inject additional value into the 
system in order to cover the transaction. Thus, financial server 108 may charge the 
25 user's credit card, conduct an electronic funds transfer or take other action. Further, 
if there is a limit or maximum on the receiving user's account balance, the financial 
server may credit value to his or her credit card, debit card, bank account, etc. 
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In state 218 the client devices for USER1 and USER2 are updated according 
to the transaction (and, possibly, other transactions). If, however, USER1 or 
USER2 are disconnected from the system at the time, their devices may be updated 
(e.g., by synchronization server 106) the next time they connect. After state 218 the 
5 illustrated procedure ends. 

In a present embodiment of the invention USER1 may be granted affinity 
points or some other reward for introducing a new user to the system. In particular, 
if USER2 was not a registered user at the time USER1 submitted the transaction to 
the system, he may be rewarded if USER2 registers in response to the transaction 
1 0 notification from the system. 

The embodiment of the invention illustrated in FIG. 2 and described above 
is but one method of conducting a value exchange with a system such as that 
depicted in FIG. 1 . This method may be readily modified to accommodate the use 
of various types of client devices, communication media and communication 
15 sequences. In particular, the preceding method may be applied as described, or 
slightly altered, to conduct a value exchange between a registered user and an 
unregistered party, between two or more registered users, or in virtually any 
circumstance in which value is being exchanged. 



20 user on a mobile client device. In FIG. 3 UserA enters the value exchange in her 
device, ClientA. The transaction is then submitted to a system server, possibly 
during a synchronization process. The amount of the value (if UserA is authorized 
to transfer the full value) is removed from UserA' s account and UserA' s client 
device is updated with her new account balance. Additional funds or value may be 

25 retrieved from a bank, credit card, ACH, or other financial source associated with 
UserA if her account balance falls below a minimum level or the transfer is 
necessary in order to complete the requested exchange. The value is deposited in 



FIG. 3 depicts one form of an indirect value exchange performed by one 
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UserB's account, which may require an account to be created for UserB if he is not 
already a registered user. 

In one embodiment of the invention the value of a transaction may be held 
in escrow. In this embodiment the user initiating the transaction chooses an option 
5 to have the value placed in escrow. If this user is the payor (e.g., the party from 
whom value is being transferred), the user's account may be debited as soon as the 
transaction is communicated to the system, but instead of being credited to the 
specified recipient, it is held in an escrow account. Illustratively, the value 
recipient is notified that a value is being held and, possibly, the conditions for 

10 releasing it. The system may require that both parties agree before the funds are 
transferred to the recipient or back to the payor. The system may be configured, by 
default, to complete the transfer after a certain period of time if there is no objection 
from a party or, conversely, to cancel the transaction unless one or both parties 
affirm it within the specified period of time. 

15 The following sub-sections describe methods of conducting a value 

exchange in different environments or circumstances from those described above. 



CONDUCTING AN ONLINE VALUE EXCHANGE 

In one alternative method of conducting a value exchange, a user connects 

20 to the value exchange system (e.g., the system of FIG. 1) through an Internet 

connection (e.g., from a desktop or wireless client). In this method, communication 
server 104 of the system of FIG. 1 comprises a web server hosting a web site for the 
system. A user wishing to initiate a transaction connects to communication server 
104 and satisfies the necessary security requirements by providing a username, 

25 account name or other identifier (e.g., electronic mail address, telephone number) 
and a password. In one alternative of this embodiment, a cryptographic security 
policy may be enforced that requires the user to provide cryptographic 
authentication or a security token. 
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The user completes an online form by providing information such as an 
identifier (e.g., electronic mail address, telephone number, social security number, 
account name) of another party to the transaction and the value to be transferred. 
Also, the user may specify whether the value is to be transferred from him to the 
5 other party or vice versa. The user's interface with the system (e.g., the web page 
presented to the user when he connects or logs in) may be personalized to the user. 
In particular, identifiers of parties with which the user has transacted in the past 
may be available for ready selection, in which case the user need not remember or 
enter an identifier but can, instead, pick one from a list. 

10 If the other party is already a registered system user, the system may then 

proceed to conduct the value transfer. Illustratively, if the value is to flow from the 
initiating user to the other party, the system may not require the approval or 
authorization of the other party to finalize or close the transaction. The system may 
simply send notification of the transaction (e.g., via electronic mail) to the party. In 

15 contrast, if the value is to flow from the other party to the initiating user, the system 
may require the other party's approval before closure. When the value of the 
transaction flows from the initiating user to the other party, the user's account may 
be debited by the amount to be transferred even before the transaction closes (e.g., 
before the other party accepts the transaction). 

20 If the other party is not a registered system user, the system notifies the 

party of the pending transaction by using the identifier provided by the initiating 
user. The notification may thus be sent via electronic mail. Illustratively, the 
notification identifies the user who initiated the transaction, informs the other party 
of the amount of the transaction and specifies how/where (e.g., a web page or site) 

25 to complete the transaction. In order to receive the value or submit the value 

requested by the initiating user, the other party may then connect to the system and 
register. A method of registering a new user is described in a following section. 
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Unlike an offline transaction (e.g., using a disconnectable portable 
computing device), when conducting a transaction online a user may be able to 
access account information and/or close the transaction in real time. 

The method of the invention described in this sub-section is suitable for 
5 application with clients that can establish and maintain a real-time link with the 
system, whether through the Internet via a wired or wireless connection, through a 
telephone connection (wired or wireless), etc. 

CONDUCTING A DIRECT (CLIENT TO CLIENT) VALUE EXCHANGE 

10 In one alternative embodiment of the invention a method is provided in 

which two parties employ their client computing devices to conduct a value 
exchange. If they are disconnected from the system while conducting the 
transaction, after the transaction one or both of them submit the transaction to the 
system (e.g., via communication server 104 or synchronization server 106 of the 

15 system of FIG. 1). This method is particularly suited to the use of mobile 

computing devices and smart or web-enabled telephones that can communicate 
directly (e.g., via a wired or wireless communication medium) with another client. 

The option to conduct a client-to-client transaction may be just one of 
several options available to a user. For example, the system software installed on 

20 the client device may also enable one user to transmit the system software to 
another user, conduct a unilateral transaction (e.g., as described above in 
conjunction with FIG. 2), view his or her account balance(s) (which are updated 
each time the client is synchronized) or transaction log, use a calculator, etc. 

If the user elects to make a client-to-client transaction, the user's client may 

25 automatically attempt to establish contact with another client. The client may be 
configured to make such connections in a wireless or wired mode. 

In this method each user activates his or her computing device and one of 
them operates the installed system software to initiate a payment to or from the 
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other user. This may require the user to enter a Personal Identification Number 
(PIN) to activate the software. The other user's client may then prompt him or her 
to accept or reject the transaction, particularly if the value of the transaction is to be 
transferred from the other user to the first user. If only one user has the software 
5 installed, the software may be transmitted to and installed on the other user's device 
as part of, or as a precursor to, the transaction. 

Illustratively, the account balance of the user giving the value (e.g., as 
indicated in the system software) decreases when the transaction is conducted. 
Closing the transaction may require the paying user's credit card, debit card or other 

10 method of providing value to the system to be charged (e.g., if his or her account 
balance is too low). The transaction may not be closed until one of the users 
forwards the transaction to the system (e.g., during a synchronization session with 
synchronization server 106). The client software may allow a user to make notes or 
comments to be saved in a transaction log with the details (e.g., value, other user's 

1 5 identifier) of the transaction. 

In one method of conducting a direct value exchange, the users may 
exchange digital certificates (e.g., transaction certificates) or other tokens in order 
to authenticate each other and/or demonstrate to the system that the transaction is 
valid and was not spoofed or faked by one of the parties. 

20 FIG. 4 depicts one form of a direct value exchange performed between two 

users having mobile client devices. In FIG. 4 UserA electronically transfers the 
value from her ClientA to UserB's ClientB. The transaction is then submitted to a 
system server by one of the transaction parties, possibly during a synchronization 
process. The amount of the value (if UserA is authorized to transfer the full value) 

25 is removed from UserA' s account and deposited in UserB's account. Additional 
funds or value may be retrieved from a bank, credit card, ACH, or other financial 
source associated with UserA if her account balance falls below a minimum level 
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or the transfer is necessary in order to complete the requested exchange. Both of 
the users' client devices are updated with their new account balances. 

Canceling a Value Exchange 

5 In various situations a user may wish or need to reverse or cancel a value 

exchange. For example, while attempting to conduct a transaction with another 
party a user may provide an incorrect identifier - such as a non-existent or invalid 
electronic mail address or a valid electronic mail address that is associated with 
someone other than the desired party. In one embodiment of the invention a value 
10 transfer may be undone if the situation warrants. In particular, if it is determined 
that an exchange should be undone, the system may cancel the value transfer, 
reverse it, redirect it (e.g., transfer the value to a third party) or nullify it in some 
other manner. 

If an identifier of a transaction party (e.g., electronic mail address) provided 
15 by a user is unusable (e.g., invalid), the user may specify whether to reverse or 

redirect the transfer or the system may apply a default action (e.g., return the value 
to the user). This situation may occur, for example, if an electronic mail 
notification of the transaction to the other party is undeliverable (e.g., incorrect 
address, party's electronic mail server is unavailable). 
20 If the party identifier is a valid identifier, but is not associated with the 

intended party, rectifying the situation may be more difficult. For example, if the 
transaction has already been closed and the value credited to the incorrect party, the 
transaction may be irreversible. The initiating user may, of course, contact that 
party and attempt to retrieve the value. 
25 If the party identifier is valid but is not associated with the intended party 

and the transaction has not yet closed, the user may be able to retrieve the value. 
Some period of time (e.g., six months) may be established for automatically 
canceling or reversing uncleared transactions or during which the user may request 
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cancellation of the transaction. For example, if a user initiates a transaction and six 
months later the recipient still has not claimed the value, the system may 
automatically reverse or cancel the transfer. Before that time, however, the 
initiating user may have to request the transaction be nullified. The system may 
5 attempt to contact the incorrect party before doing so. 

Registering a New User in One Embodiment of the Invention 

As described earlier, in one embodiment of the invention a user must be 
registered with the value exchange system before being able to initiate or close a 
10 transaction with the system. This section describes one method of registering a new 
user, during which the user may download or otherwise receive software configured 
to allow the user's client device to interact with the system and/or other user's 
clients. 

Illustratively, a new user may register with the system in many ways, such 
1 5 as through a system web site, via a web-enabled telephone, via normal voice 

telephone contact, via electronic or normal mail, etc. The level of access or degree 
to which a user may employ the system after registration may, however, depend 
upon how the user registers, how much information is provided during registration, 
how much of the information is verified, etc. For example, if a user-provided 
20 telephone number, electronic mail address, street address, and/or other information 
is all verified, the user may be granted greater system access or be allowed to 
conduct transactions involving more value than if the information is incorrect, 
unverifiable or not provided. 

In one embodiment of the invention a potential new user connects to 
25 communication (e.g., web) server 104 of the system of FIG. 1 and completes a 
registration form. Advantageously, the registration process is done in a secure 
mode (e.g., with SSL (Secure Sockets Layer)). The registration form may elicit or 
require personal information such as name, residential (e.g., street) address, 
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telephone number(s) (e.g., daytime, nighttime, mobile), etc. Information to be 
associated with the user's account is also requested, such as an electronic mail 
address, social security number, some information that may be used for security 
purposes (e.g., mother's maiden name), etc. The user may also be prompted to 
5 enter a password to be used for the new account and/or a PIN (Personal 

Identification Number) for activating system software on the user's mobile device. 
Illustratively, when the user wishes to initiate or accept a transaction while using 
his mobile device, he may be required to enter the PIN before the software will 
function. 

10 The user may be required to agree to specific terms for using the system. 

The system may then attempt to verify one or more pieces of information provided 
by the user. Thus, a confirmation communication may be sent to the user's street 
address, electronic mail address, mobile device, etc. A confirmation 
communication may include a code (e.g., a PIN) that the user is instructed to 

1 5 provide to the system (e.g., web server 1 04) in order to complete or continue the 
registration process. 

In an embodiment of the invention in which a new user registers with the 
system using a smart or web-enabled telephone, the registration process may be 
tailored to the device and the limited display means of such a device. Thus, some 

20 of the registration information (e.g., telephone number, name) could be derived 

from the telephone or the signal received from the telephone. And, the information 
required of the user may be reduced to a minimum if it must be entered through the 
telephone's keypad. 



25 required to be unique. For example, in an embodiment of the invention in which 
transaction participants may be identified by their electronic mail addresses, the 
system may require a one-to-one mapping between addresses and users. In another 
embodiment users may be identifiable by telephone numbers. Again, the system 



Illustratively, some of the information associated with a system user may be 
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may allow each telephone number to be associated with only a single user, although 
extension numbers could, perhaps, be added to differentiate between multiple users 
reachable at one number. One reason for this limitation is to allow a value 
exchange participant to identify another participant using a common identifier that 
5 is, or may be, already known. In one alternative embodiment, however, a user may 
be known by an account number or other identifier generated by or for the system. 
In another alternative embodiment, some or all users may be identified by multiple 
identifiers, in which case multiple users may be associated with a particular 
identifier (e.g., electronic mail address) but also have other identifiers that 

1 0 distinguish them. 

After a user is registered with the system, he or she may then establish an 
initial and/or default method of providing funds. For example, the user may 
identify a credit card, a bank account, a debit card or other source of value to be 
charged when the user transfers value to another person or at other times when 

15 value must be added to the user's system account. The amount of system credit or 
the limit placed on the user's system activity may be determined in part or in whole 
by the form of value transfer the user employs, the level of credit or value transfer 
authorized by the user's financial institution, the degree to which the user's 
personal or account information has been verified, etc. For example, if the user's 

20 street address cannot be verified (e.g., he or she does not submit the code mailed to 
the address they provided), or the address of his/her credit card does not match 
his/her mailing address, or the user's credit card limit is low, then he or she may be 
limited to a first level of system usage. If, however, the user's personal or financial 
information is verified and/or their credit card limit is relatively high, he or she may 

25 be allowed to transfer much more value through the system. In short, the level of 
trust, authentication, verification or security that the user provides to the system 
may affect the amount or level of system usage the user is granted. 
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Until a user submits credit or debit information his or her system limit may 
be kept at zero, indicating that he or she is not authorized to transfer value to other 
parties. The user may, however, be able to receive value transfers as soon as he or 
she is registered. 

5 A user may also be able to place value in his or her system account through 

direct deposit, a personal check, electronic funds transfer, etc. Illustratively, 
however, funds submitted via these methods are not available for transfer until they 
clear. Users may choose multiple methods of depositing value into their accounts 
(and retrieving value from their accounts) and may be required to provide whatever 
1 0 information is necessary (e.g., bank routing or account number) to implement those 
methods. 

Registration may or may not be required before a user can download and 
install software configured to allow a user to make a value exchange. A software 
download may be part of the registration process or may, alternatively, be 
1 5 conducted before or after a user registers. The following is a description of a 
software download/installation process according to one embodiment of the 
invention. 

To receive the software the user first connects his client device to an 
appropriate system server (e.g., communication server 104 or synchronization 

20 server 106 of the system of FIG. 1). The user makes a choice to download the 
software and may need to identify his or her device so that the correct software is 
provided. A registered user may also identify himself to the system, in which case 
the system may automatically determine (e.g., by communicating with the user's 
device or referring to account information in database 102) whether the user needs 

25 to update his software. 

The software that is downloaded may depend upon the user's normal or 
expected method of accessing the system. For example, if the user employs a 
portable device the downloaded software may be tailored to the particular device to 
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allow it to communicate and interact directly with the system. If the portable 
device is a disconnectable device that must be docked with or otherwise connected 
to another computer system (e.g., a desktop or workstation, herein termed a 
"conduit" computer) in order to communicate with the system, then the downloaded 
5 software may include modules for the disconnectable device and/or the other 
computer system. 

The appropriate software is then copied to the user's device. Other 
software, perhaps provided by a manufacturer or vendor of the user's device may 
need to be in operation in order to fully install the system software. For a 

10 disconnectable portable computing device, a first software module is installed on 
the conduit computer, after which the device may be docked in order to install a 
second module on the device. The first module may be configured to synchronize 
the user's locally stored data and information with synchronization server 106, 
while the second module may be configured to conduct disconnected transactions 

15 and communicate them to the conduit computer. Thus, after a transaction is 
conducted with the client while disconnected, it is communicated to the conduit 
computer, which then synchronizes with synchronization server 106. The client 
software module may be considered a "wallet" application. 



20 his portable device to transfer value to another person, he must be authenticated to 
the system. Thus, in one embodiment of the system the user inputs his username 
(e.g., account name, electronic mail address or other system identifier) and 
password, which the conduit passes to the system (e.g., synchronization server 106, 
security server 1 10) for verification. If the user is verified, a pair of cryptographic 

25 keys may be generated (e.g., by the conduit computer or security server 110). In the 
presently described embodiment the user's conduit computer generates the key pair 
and passes the public key to the system to be signed. The signed key may be 
returned in encrypted form (e.g., encrypted with the user's PIN). Illustratively, both 



Illustratively, after new software is downloaded, and before the user can use 
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the private key and signed public key are then stored only on the user's portable 
device (i.e., not on the conduit). 

When a user installs new software (e.g., a new version), uncleared 
transactions may be automatically cleared (with synchronization server 106) or 
5 archived. If the user installs new software on a different device, the digital 
certificate on the original device may be invalidated. 

The foregoing descriptions of embodiments of the invention have been 
presented for purposes of illustration and description only. They are not intended to 
10 be exhaustive or to limit the invention to the forms disclosed. Accordingly, the 

above disclosure is not intended to limit the invention; the scope of the invention is 
defined by the appended claims. 
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